Staff End Runs Security

When I am reclining in my Bach Seat, contemplating sharing tech services, my mind wanders to the consumerization of IT. The iPads have made an official beachhead and Skype has made it inside the perimeter. So I should not feel alone in being concerned about security, according to recent reports from Trend Micro and Cisco (CSCO).

Help Net Security reports that despite more workplaces regulating social networking site access, employees bypass security roadblocks to engage in social networking. The research by Trend Micro says that employees are finding ways around security roadblocks, making social networking a way of office life around the world. Trend Micro’s 2010 corporate end-user survey found that globally, social networking at the workplace steadily rose from 19 percent in 2008 to 24 percent in 2010.

The survey also found that laptop users are much more likely than desktop users to visit social networking sites. Globally, social networking usage via laptops went up by 8 percent from 2008 to 2010. In the U.S., it increased by 10 percent. In 2010, 29 percent of laptop users versus 18 percent of desktop users surveyed said they frequented these sites at work.

The survey also found that laptop users who can connect to the Internet outside of the company network are more likely to share confidential information via instant messenger, Webmail, and social media applications than those who are always connected to a company’s network.

A 2010 Cisco survey, which looked at the security impact of personal gadgets and social networking in the workplace, found that employees are consistently (Cisco’s words) finding ways around security policies. 68 percent of those surveyed by Cisco said that employees use unsupported social networking applications. Heavy use of unsupported collaboration, P2P, and cloud applications was also reported. More than half said social networking is one of their organization’s three greatest security risks. More than a third reported that their company lost data or experienced a breach because of employees using unsupported devices.

rb-

So why is Facebook such a problem for enterprises? For one, it is a huge time waster. Datacenter Knowledge reports that Facebook users spend a total of more than 16 billion minutes on the site per day. During a presentation at the Velocity 2010 conference, Facebook VP of Technical Operations Jonathan Heiliger stated that 3 billion photos are uploaded to Facebook each month and users view more than 1 million photos every second.

The more popular a social network is, the more effective it becomes as a malware distribution platform. KOOBFACE, the “largest Web 2.0 botnet,” controls and commands compromised machines globally. This demonstrates the scale of the threat and emphasizes the need to educate users and implement strong policies.

Trend Micro says that simply trying to prevent users from accessing social networks from work could increase the risk to an organization, because users look for ways around computer security, possibly increasing the chance of exposure to security threats. The lesson, in Cisco’s view, is that you had better find the technologies–and resources–to support personal devices and applications because they will be used regardless. “The best strategic approach is to focus less on restricting usage and more on effective solutions to ensure highly secure, responsible use,” said Fred Kost, Cisco’s director of security solutions.

Call me old-school, but it seems that employees have always learned to work within reasonable company boundaries. Organizations that need web 2.0 have another option: they should take a look at Palo Alto Networks, which has developed a firewall that can block the wasteful parts of social media and leave some parts of the web 2.0 app accessible.

Consumer technologies evolve faster than the IT department budget, and it could be a constant game of catch-up trying to accommodate the latest rogue gadgets and widgets. Ultimately, rogue IT use is not so much a failure of technology, but a failure of policy and policy enforcement.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter.

One comment

  1. Fanni says:

    Very valid, pithy, succinct, and on point. WD.